Blue Coat Targets IPv6 for the Enterprise

As IPv4 address space nears exhaustion, the challenges of effectively using the next generation IPv6 addressing system are likely to soon concern enterprises. While most modern operating systems today support IPv6 addresses, application awareness and connectivity is another issue.

It's a challenge that networking vendor Blue Coat (Nasdaq: BCSI) is tackling with its ProxySG appliance and its underlying SGOS 5.5 operating system. The ProxySG is a secure gateway appliance from Blue Coat that provides security, acceleration and content filtering capabilities.

Even as IPv4 space become scarce, there will still be a need to connect IPv4 networks to IPv6 ones. Current methods include tunneling IPv6 traffic over IPv4 -- or vice versa -- and then attempting to translate where the packets are supposed to go.

Qing Li, Blue Coat's chief scientist and senior technologist, said that the problem with tunneling is that the solution only works if the packet payload doesn't include addressing information. That means that if a packet had IPv6 address information and it is run over an IPv4 network the application won't know what to do with that information.

"At Blue Coat, we've spent five years designing a new mechanism focused on seamless translation from IPv4 to IPv6 by not using convention translation or tunneling mechanisms but by looking at the semantics of the IPv6 architecture," Li told InternetNews.com.

The Blue Coat approach is also different than what is referred to as a dual-stack solution where a device can run both IPv4 and IPv6. Li explained that with dual stack the underlying operating system and the applications need to be aware of both Internet protocols.

"If you have a traditional application that has no knowledge of how IPv6 operates and doesn't understand IPv6 packet formats, that application can't take advantage of the dual-stack setup," Li said. "It still can't work since when the application listens for requests, it will still be listening for requests on IPv4."

Li added that if content is only available on a specific IPv6 address and does not have any DNS information attached to it, users will not be able to connect.

"By using Blue Coat what happens is when a request is sent, we will apply a policy-based transition and translate the IPv6 URL into something that traditional apps understand so it is transparent to them," Li said. "We talk natively to the traditional apps and then we talk natively on IPv6 to the content servers."

To date, IPv6 has not yet been widely adopted in enterprises, and, as such, some people might not think there is a need for an IPv6-enabled device like the ProxySG. Li however has a different view of IPv6 as a technology that will help enterprises solve some of their local networking issues.

In particular, he noted that with IPv6, NAT is no longer required. With NAT, enterprise users get a private address that can make network administration difficult in terms of firewall policies and access. With IPv6 every endpoint can get its own address, eliminating the need for NAT.

As an example, Li noted that Blue Coat's engineering group has adopted IPv6 for their LAN, but still need to get to their IPv4 e-mail servers.

"We give enterprise users the option to take advantage of the best of IPv4 and IPv6," Li said. "You can use IPv6 to simplify network management and at the same time there is no discontinuity in your application deployment and you can still get to your file shares and mail servers that are still on IPv4."

Patents and open source

Blue Coat and in particular Li himself are contributors to the open source FreeBSD operating system. Li noted however that when he began the effort to build the new IPv6 translation capability into the ProxySG he didn't pull much code from the open source community.

Additionally, Li pointed out that Blue Coat has filed various patents on the IPv6 transition mechanism used by the ProxySG, but that doesn't mean that Li isn't sharing his knowledge with others.

"We want to share with the community as we want to help enterprises recognize the benefits of IPv6 and enable them to understand how to fully utilize it," Li said. "That's why I publish research papers and do open source work -- to share the wealth. One of our goals is to help accelerate the adoption of IPv6 as well."